Fundamentals of Secure System Modelling

1. Front Matter

   Pages i-xx

   PDF

2. Introduction

   • Raimundas Matulevičius

   Pages 1-13

3. Security Risk Management

   1. Front Matter

      Pages 15-15

      PDF

   2. Domain Model for Information Systems Security Risk Management

      • Raimundas Matulevičius

      Pages 17-30

   3. Security Risk

      • Raimundas Matulevičius

      Pages 31-42

   4. Security Requirements

      • Raimundas Matulevičius

      Pages 43-60

4. Modelling Languages for Security Risk Management

   1. Front Matter

      Pages 61-61

      PDF

   2. Security Risk-Oriented BPMN

      • Raimundas Matulevičius

      Pages 63-76

   3. Security Risk-Aware Secure Tropos

      • Raimundas Matulevičius

      Pages 77-91

   4. Security Risk-Oriented Misuse Cases

      • Raimundas Matulevičius

      Pages 93-105

   5. Mal-activities for Security Risk Management

      • Raimundas Matulevičius

      Pages 107-115

5. Model-Driven Security Development and Application

   1. Front Matter

      Pages 117-117

      PDF

   2. Transformations Between Security Risk-Oriented Modelling Languages

      • Raimundas Matulevičius

      Pages 119-145

   3. Role-Based Access Control

      • Raimundas Matulevičius

      Pages 147-169

   4. Secure System Development Using Patterns

      • Raimundas Matulevičius

      Pages 171-195

6. Concluding Remarks

   1. Front Matter

      Pages 197-197

      PDF

   2. Secure System Development

      • Raimundas Matulevičius

      Pages 199-207

7. Back Matter

   Pages 209-218

   PDF

This book provides a coherent overview of the most important modelling-related security techniques available today, and demonstrates how to combine them. Further, it describes an integrated set of systematic practices that can be used to achieve increased security for software from the outset, and combines practical ways of working with practical ways of distilling, managing, and making security knowledge operational.


The book addresses three main topics: (1) security requirements engineering, including security risk management, major activities, asset identification, security risk analysis and defining security requirements; (2) secure software system modelling, including modelling of context and protected assets, security risks, and decisions regarding security risk treatment using various modelling languages; and (3) secure system development, including effective approaches, pattern-driven development, and model-driven security.


The primary target audience of this book is graduate students studying cyber security, software engineering and system security engineering. The book will also benefit practitioners interested in learning about the need to consider the decisions behind secure software systems. Overall it offers the ideal basis for educating future generations of security experts.

• Systems Security
• Software security engineering
• Systems modeling
• Risk management
• Software development

“Dr. Matulevičius’ book gives a coherent account of the most important modeling-related security techniques today, and is well suited for educating the next generations of security experts.” (Prof. Andreas Lothe Opdahl, University of Bergen, Norway)

“Dr. Matulevičius introduces a fundamental set of knowledge for the advanced management of risk and security. Going from the conceptual aspects to practical tools, this book provides a broad coverage of the field.“ (Nicolas Mayer, Ph.D., Luxembourg Institute of Science and Technology)

• Institute of Computer Science, University of Tartu, Tartu, Estonia

  Raimundas Matulevičius

​Raimundas Matulevičius is Associate Professor of Software Systems at the University of Tartu, Estonia. He has spent over 15 years teaching and conducting research in the fields of security requirements engineering, secure software design and information systems security in Norway, Belgium and Estonia. He is co-coordinator of the Cyber Security Masters curriculum delivered by Tallinn University of Technology and University of Tartu.

Policies and ethics